I could use a hand with finding the best solution for this.
The list I manage is in a position where we cannot afford to simply
close the list to all but zubscribers, and I haven't got the access to
the server required to set up an extra file for Majordomo to scan via
restrict_post. But we hardly ever get spammed, because we're mostly a
word-of-mouth community and our address isn't just freely floating
about, so I generally just wait until we've been hit and add a new taboo
filed to make sure that spammer is stopped.
Now I've got one for which I can't determine the proper taboo field. We
got three messages, all with different From and To headers, but with
rather similar Received headers. Here's the first one:
Return-Path: <[EMAIL PROTECTED]>
Received: from europe.std.com by world.std.com (TheWorld/Spike-2.0)
id AA02714; Thu, 18 Jun 1998 18:27:07 -0400
Received: by europe.std.com (8.7.6/BZS-8-1.0)
id SAA17722; Thu, 18 Jun 1998 18:27:01 -0400 (EDT)
Received: from world.std.com by europe.std.com (8.7.6/BZS-8-1.0)
id SAA17700; Thu, 18 Jun 1998 18:26:57 -0400 (EDT)
Received: from mailhost.bpa.nl by world.std.com (TheWorld/Spike-2.0)
id AA02381; Thu, 18 Jun 1998 18:26:52 -0400
Received: from resilier (1Cust16.tnt3.lax3.da.uu.net [153.37.61.16])
by mailhost.bpa.nl (8.8.8/8.8.7) with SMTP id AAA00608;
Fri, 19 Jun 1998 00:22:38 +0200 (MET DST)
Date: Fri, 19 Jun 1998 00:22:38 +0200 (MET DST)
From: 7ys5dl <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Received: from SMTP.XServer (Smail4.1.19.1 #20) id m0wBzN7-009vdR;
Thursday, June 18th, 1998
Received: from mail.apache.net(really [164/187]) by relay.comanche.com
Tuesday, June 16th, 1998
Received: from mail.apache.net(really [164/187]) by relay.comanche.com
Tuesday, June 16th, 1998
Received: from 32776.21445(really [80110/80111]) by relay.denmark.nl
Sunday, June 14th, 1998
Received: from local.nethost.org(really [24553/24554]) by
relay.SS621.net
Saturday, June 13th, 1998
Message-Id: <[EMAIL PROTECTED]> Friday, June
19th, 1998
Sender: [EMAIL PROTECTED]
Precedence: list
Reply-To: 7ys5dl <[EMAIL PROTECTED]>
Authenticated sender is <[EMAIL PROTECTED]>
Subject: 7 l
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Everything after Reply-To wound up in the body, presumably because of
the blank line. I noted that all of them had the first Received line
"from local.nethost.org [...] by relay.SS621.net" and they all had
Message-Id fields that included "relay.comanche.denmark.eu" but I'm not
sure which of those to plonk - I wouldn't want to ban a site that's just
been forged into the header, but I have no idea how to tell which is
authentic and which is not, if any.
Any help or pointers will be lapped up greedily and with much gratitude.
--
<[EMAIL PROTECTED]> NE-Raves Account Admin.
<[EMAIL PROTECTED]> Geoff Capp Productions
"We can't stop here - this is bat country!" -R.Duke
